Sign in
Sign up
Explore
Enterprise
Education
Search
Help
Terms of use
About Us
Explore
Enterprise
Education
Gitee Premium
Gitee AI
AI teammates
Sign in
Sign up
Fetch the repository succeeded.
description of repo status
Donate
Please sign in before you donate.
Cancel
Sign in
Scan WeChat QR to Pay
Cancel
Complete
Prompt
Switch to Alipay.
OK
Cancel
Watch
Unwatch
Watching
Releases Only
Ignoring
15
Star
11
Fork
109
src-openEuler
/
systemd
Closed
Code
Issues
9
Pull Requests
2
Wiki
Insights
Pipelines
Service
JavaDoc
PHPDoc
Quality Analysis
Jenkins for Gitee
Tencent CloudBase
Tencent Cloud Serverless
悬镜安全
Aliyun SAE
Codeblitz
SBOM
DevLens
Don’t show this again
Update failed. Please try again later!
Remove this flag
Content Risk Flag
This task is identified by
as the content contains sensitive information such as code security bugs, privacy leaks, etc., so it is only accessible to contributors of this repository.
CVE-2023-50387
Done
#I9F7ML
CVE和安全问题
openeuler-ci-bot
owner
Opened this issue
2024-04-09 16:21
一、漏洞信息 漏洞编号:[CVE-2023-50387](https://nvd.nist.gov/vuln/detail/CVE-2023-50387) 漏洞归属组件:[systemd](https://gitee.com/src-openeuler/systemd) 漏洞归属的版本:243,246,248,249,253 CVSS V3.0分值: BaseScore:7.5 High Vector:CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 漏洞简述: Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the KeyTrap issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records. 漏洞公开时间:2024-02-15 00:15:45 漏洞创建时间:2024-04-09 16:21:17 漏洞详情参考链接: https://nvd.nist.gov/vuln/detail/CVE-2023-50387 <details> <summary>更多参考(点击展开)</summary> | 参考来源 | 参考链接 | 来源链接 | | ------- | -------- | -------- | | cve.mitre.org | http://www.openwall.com/lists/oss-security/2024/02/16/2 | | | cve.mitre.org | http://www.openwall.com/lists/oss-security/2024/02/16/3 | | | cve.mitre.org | https://access.redhat.com/security/cve/CVE-2023-50387 | | | cve.mitre.org | https://bugzilla.suse.com/show_bug.cgi?id=1219823 | | | cve.mitre.org | https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html | | | cve.mitre.org | https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1 | | | cve.mitre.org | https://kb.isc.org/docs/cve-2023-50387 | | | cve.mitre.org | https://lists.debian.org/debian-lts-announce/2024/02/msg00006.html | | | cve.mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FV5O347JTX7P5OZA6NGO4MKTXRXMKOZ/ | | | cve.mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/ | | | cve.mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/ | | | cve.mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGSLGKUAQTW5JPPZCMF5YPEYALLRUZZ6/ | | | cve.mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/ | | | cve.mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/ | | | cve.mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVYA42BLXUCIDLD35YIJPJSHDIADNYMP/ | | | cve.mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEXGOYGW7DBS3N2QSSQONZ4ENIRQEAPG/ | | | cve.mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQESRWMJCF4JEYJEAKLRM6CT55GLJAB7/ | | | cve.mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/ | | | cve.mitre.org | https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html | | | cve.mitre.org | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-50387 | | | cve.mitre.org | https://news.ycombinator.com/item?id=39367411 | | | cve.mitre.org | https://news.ycombinator.com/item?id=39372384 | | | cve.mitre.org | https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/ | | | cve.mitre.org | https://security.netapp.com/advisory/ntap-20240307-0007/ | | | cve.mitre.org | https://www.athene-center.de/aktuelles/key-trap | | | cve.mitre.org | https://www.athene-center.de/fileadmin/content/PDF/Technical_Report_KeyTrap.pdf | | | cve.mitre.org | https://www.isc.org/blogs/2024-bind-security-release/ | | | cve.mitre.org | https://www.securityweek.com/keytrap-dns-attack-could-disable-large-parts-of-internet-researchers/ | | | cve.mitre.org | https://www.theregister.com/2024/02/13/dnssec_vulnerability_internet/ | | | redhat_bugzilla | https://fosstodon.org/@tychotithonus@infosec.exchange/111924626751024210 | https://bugzilla.redhat.com/show_bug.cgi?id=2263914 | | redhat_bugzilla | https://github.com/NLnetLabs/unbound/releases/tag/release-1.19.1 | https://bugzilla.redhat.com/show_bug.cgi?id=2263914 | | redhat_bugzilla | https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html | https://bugzilla.redhat.com/show_bug.cgi?id=2263914 | | redhat_bugzilla | https://kb.isc.org/docs/cve-2023-50387 | https://bugzilla.redhat.com/show_bug.cgi?id=2263914 | | redhat_bugzilla | https://www.athene-center.de/en/news/press/key-trap | https://bugzilla.redhat.com/show_bug.cgi?id=2263914 | | redhat_bugzilla | https://www.knot-resolver.cz/2024-02-13-knot-resolver-5.7.1.html | https://bugzilla.redhat.com/show_bug.cgi?id=2263914 | | redhat_bugzilla | https://labs.ripe.net/author/haya-shulman/keytrap-algorithmic-complexity-attacks-exploit-fundamental-design-flaw-in-dnssec/ | https://bugzilla.redhat.com/show_bug.cgi?id=2263914 | | redhat_bugzilla | https://lists.dns-oarc.net/pipermail/dns-operations/2024-February/022436.html | https://bugzilla.redhat.com/show_bug.cgi?id=2263914 | | redhat_bugzilla | https://www.isc.org/blogs/2024-bind-security-release/ | https://bugzilla.redhat.com/show_bug.cgi?id=2263914 | | redhat_bugzilla | https://access.redhat.com/errata/RHSA-2024:0965 | https://bugzilla.redhat.com/show_bug.cgi?id=2263914 | | redhat_bugzilla | https://access.redhat.com/errata/RHSA-2024:0977 | https://bugzilla.redhat.com/show_bug.cgi?id=2263914 | | redhat_bugzilla | https://access.redhat.com/errata/RHSA-2024:0981 | https://bugzilla.redhat.com/show_bug.cgi?id=2263914 | | redhat_bugzilla | https://access.redhat.com/errata/RHSA-2024:0982 | https://bugzilla.redhat.com/show_bug.cgi?id=2263914 | | redhat_bugzilla | https://access.redhat.com/errata/RHSA-2024:1334 | https://bugzilla.redhat.com/show_bug.cgi?id=2263914 | | redhat_bugzilla | https://access.redhat.com/errata/RHSA-2024:1335 | https://bugzilla.redhat.com/show_bug.cgi?id=2263914 | | redhat_bugzilla | https://access.redhat.com/errata/RHSA-2024:1522 | https://bugzilla.redhat.com/show_bug.cgi?id=2263914 | | redhat_bugzilla | https://access.redhat.com/errata/RHSA-2024:1543 | https://bugzilla.redhat.com/show_bug.cgi?id=2263914 | | redhat_bugzilla | https://access.redhat.com/errata/RHSA-2024:1544 | https://bugzilla.redhat.com/show_bug.cgi?id=2263914 | | redhat_bugzilla | https://access.redhat.com/errata/RHSA-2024:1545 | https://bugzilla.redhat.com/show_bug.cgi?id=2263914 | | redhat_bugzilla | https://access.redhat.com/errata/RHSA-2024:1647 | https://bugzilla.redhat.com/show_bug.cgi?id=2263914 | | redhat_bugzilla | https://access.redhat.com/errata/RHSA-2024:1648 | https://bugzilla.redhat.com/show_bug.cgi?id=2263914 | | redhat_bugzilla | https://access.redhat.com/errata/RHSA-2024:1781 | https://bugzilla.redhat.com/show_bug.cgi?id=2263914 | | redhat_bugzilla | https://access.redhat.com/errata/RHSA-2024:1782 | https://bugzilla.redhat.com/show_bug.cgi?id=2263914 | | redhat_bugzilla | https://access.redhat.com/errata/RHSA-2024:1789 | https://bugzilla.redhat.com/show_bug.cgi?id=2263914 | | redhat_bugzilla | https://access.redhat.com/errata/RHSA-2024:1801 | https://bugzilla.redhat.com/show_bug.cgi?id=2263914 | | redhat_bugzilla | https://access.redhat.com/errata/RHSA-2024:1800 | https://bugzilla.redhat.com/show_bug.cgi?id=2263914 | | redhat_bugzilla | https://access.redhat.com/errata/RHSA-2024:1804 | https://bugzilla.redhat.com/show_bug.cgi?id=2263914 | | redhat_bugzilla | https://access.redhat.com/errata/RHSA-2024:1803 | https://bugzilla.redhat.com/show_bug.cgi?id=2263914 | | ubuntu | https://kb.isc.org/docs/cve-2023-50387 | https://ubuntu.com/security/CVE-2023-50387 | | ubuntu | https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html | https://ubuntu.com/security/CVE-2023-50387 | | ubuntu | https://www.knot-resolver.cz/2024-02-13-knot-resolver-5.7.1.html | https://ubuntu.com/security/CVE-2023-50387 | | ubuntu | https://blog.powerdns.com/2024/02/13/powerdns-recursor-4-8-6-4-9-3-5-0-2-released | https://ubuntu.com/security/CVE-2023-50387 | | ubuntu | https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/ | https://ubuntu.com/security/CVE-2023-50387 | | ubuntu | https://nlnetlabs.nl/downloads/unbound/CVE-2023-50387_CVE-2023-50868.txt | https://ubuntu.com/security/CVE-2023-50387 | | ubuntu | https://ubuntu.com/security/notices/USN-6633-1 | https://ubuntu.com/security/CVE-2023-50387 | | ubuntu | https://ubuntu.com/security/notices/USN-6642-1 | https://ubuntu.com/security/CVE-2023-50387 | | ubuntu | https://ubuntu.com/security/notices/USN-6657-1 | https://ubuntu.com/security/CVE-2023-50387 | | ubuntu | https://ubuntu.com/security/notices/USN-6665-1 | https://ubuntu.com/security/CVE-2023-50387 | | ubuntu | https://ubuntu.com/security/notices/USN-6723-1 | https://ubuntu.com/security/CVE-2023-50387 | | ubuntu | https://www.cve.org/CVERecord?id=CVE-2023-50387 | https://ubuntu.com/security/CVE-2023-50387 | | ubuntu | https://ubuntu.com/security/notices/USN-6657-2 | https://ubuntu.com/security/CVE-2023-50387 | | ubuntu | https://nvd.nist.gov/vuln/detail/CVE-2023-50387 | https://ubuntu.com/security/CVE-2023-50387 | | ubuntu | https://launchpad.net/bugs/cve/CVE-2023-50387 | https://ubuntu.com/security/CVE-2023-50387 | | ubuntu | https://security-tracker.debian.org/tracker/CVE-2023-50387 | https://ubuntu.com/security/CVE-2023-50387 | | debian | | https://security-tracker.debian.org/tracker/CVE-2023-50387 | | bind | | https://kb.isc.org/v1/docs/cve-2023-50387 | | anolis | | https://anas.openanolis.cn/cves/detail/CVE-2023-50387 | | cve_search | | https://www.athene-center.de/aktuelles/key-trap | | cve_search | | https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/ | | cve_search | | https://kb.isc.org/docs/cve-2023-50387 | | cve_search | | https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html | | cve_search | | https://www.theregister.com/2024/02/13/dnssec_vulnerability_internet/ | | cve_search | | https://news.ycombinator.com/item?id=39367411 | | cve_search | | https://www.securityweek.com/keytrap-dns-attack-could-disable-large-parts-of-internet-researchers/ | | cve_search | | https://www.isc.org/blogs/2024-bind-security-release/ | | cve_search | | https://news.ycombinator.com/item?id=39372384 | | cve_search | | https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1 | | cve_search | | https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html | | cve_search | | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-50387 | | cve_search | | https://access.redhat.com/security/cve/CVE-2023-50387 | | cve_search | | https://bugzilla.suse.com/show_bug.cgi?id=1219823 | | cve_search | | https://www.athene-center.de/fileadmin/content/PDF/Technical_Report_KeyTrap.pdf | | cve_search | | http://www.openwall.com/lists/oss-security/2024/02/16/2 | | cve_search | | http://www.openwall.com/lists/oss-security/2024/02/16/3 | | cve_search | | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVYA42BLXUCIDLD35YIJPJSHDIADNYMP/ | | cve_search | | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/ | | cve_search | | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/ | | cve_search | | https://lists.debian.org/debian-lts-announce/2024/02/msg00006.html | | cve_search | | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEXGOYGW7DBS3N2QSSQONZ4ENIRQEAPG/ | | cve_search | | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQESRWMJCF4JEYJEAKLRM6CT55GLJAB7/ | | cve_search | | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/ | </details> 漏洞分析指导链接: https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md 漏洞数据来源: openBrain开源漏洞感知系统 漏洞补丁信息: <details> <summary>详情(点击展开)</summary> | 影响的包 | 修复版本 | 修复补丁 | 问题引入补丁 | 来源 | | ------- | -------- | ------- | -------- | --------- | | | | https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=3ae7f1ab0d847b17fdc95fd0e5b3120f66dc3af9 | | snyk | | | | http://www.openwall.com/lists/oss-security/2024/02/16/2 | | nvd | | | | http://www.openwall.com/lists/oss-security/2024/02/16/3 | | nvd | | | | https://access.redhat.com/security/cve/CVE-2023-50387 | | nvd | | | | https://bugzilla.suse.com/show_bug.cgi?id=1219823 | | nvd | | | | https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html | | nvd | | | | https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1 | | nvd | | | | https://kb.isc.org/docs/cve-2023-50387 | | nvd | | | | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/ | | nvd | | | | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/ | | nvd | | | | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVYA42BLXUCIDLD35YIJPJSHDIADNYMP/ | | nvd | | | | https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html | | nvd | | | | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-50387 | | nvd | | | | https://news.ycombinator.com/item?id=39367411 | | nvd | | | | https://news.ycombinator.com/item?id=39372384 | | nvd | | | | https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/ | | nvd | | | | https://www.athene-center.de/aktuelles/key-trap | | nvd | | | | https://www.athene-center.de/fileadmin/content/PDF/Technical_Report_KeyTrap.pdf | | nvd | | | | https://www.isc.org/blogs/2024-bind-security-release/ | | nvd | | | | https://www.securityweek.com/keytrap-dns-attack-could-disable-large-parts-of-internet-researchers/ | | nvd | | | | https://www.theregister.com/2024/02/13/dnssec_vulnerability_internet/ | | nvd | | bind9 | | https://gitlab.isc.org/isc-projects/bind9/-/commit/c12608ca934c0433d280e65fe6c631013e200cfe | | ubuntu | | bind9 | | https://gitlab.isc.org/isc-projects/bind9/-/commit/751b7cc4750ede6d8c5232751d60aad8ad84aa67 | | ubuntu | | bind9 | | https://gitlab.isc.org/isc-projects/bind9/-/commit/6a65a425283d70da86bf732449acd6d7c8dec718 | | ubuntu | | bind9 | | https://gitlab.isc.org/isc-projects/bind9/-/commit/3d206e918b3efbc20074629ad9d99095fbd2e5fd | | ubuntu | | bind9 | | https://gitlab.isc.org/isc-projects/bind9/-/commit/a520fbc0470a0d6b72db6aa0b8deda8798551614 | | ubuntu | | | | https://github.com/NLnetLabs/unbound/commit/882903f2fa800c4cb6f5e225b728e2887bb7b9ae | | debian | | | | https://www.nlnetlabs.nl/downloads/unbound/patch_CVE-2023-50387_CVE-2023-50868.diff | | unbound | | bind9 | | https://gitlab.isc.org/isc-projects/bind9/-/commit/c12608ca934c0433d280e65fe6c631013e200cfe%20(v9.16.48) | | ubuntu | | bind9 | | https://gitlab.isc.org/isc-projects/bind9/-/commit/751b7cc4750ede6d8c5232751d60aad8ad84aa67%20(v9.16.48) | | ubuntu | | bind9 | | https://gitlab.isc.org/isc-projects/bind9/-/commit/6a65a425283d70da86bf732449acd6d7c8dec718%20(v9.16.48) | | ubuntu | | bind9 | | https://gitlab.isc.org/isc-projects/bind9/-/commit/3d206e918b3efbc20074629ad9d99095fbd2e5fd%20(v9.16.48) | | ubuntu | | bind9 | | https://gitlab.isc.org/isc-projects/bind9/-/commit/a520fbc0470a0d6b72db6aa0b8deda8798551614%20(v9.16.48) | | ubuntu | </details> 二、漏洞分析结构反馈 影响性分析说明: DNS 协议的某些 DNSSEC 方面(在 RFC 4033、4034、4035、6840 和相关 RFC 中)允许远程攻击者通过一个或多个 DNSSEC 响应造成拒绝服务。 openEuler评分: 7.5 Vector:CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 受影响版本排查(受影响/不受影响): 1.master(253):受影响 2.openEuler-20.03-LTS-SP1(243):受影响 3.openEuler-20.03-LTS-SP4(243):受影响 4.openEuler-22.03-LTS(249):受影响 5.openEuler-22.03-LTS-Next(249):受影响 6.openEuler-22.03-LTS-SP1(249):受影响 7.openEuler-22.03-LTS-SP2(249):受影响 8.openEuler-22.03-LTS-SP3(249):受影响 9.openEuler-24.03-LTS:受影响 10.openEuler-24.03-LTS-Next:受影响 修复是否涉及abi变化(是/否): 1.master(253):否 2.openEuler-20.03-LTS-SP1(243):否 3.openEuler-20.03-LTS-SP4(243):否 4.openEuler-22.03-LTS(249):否 5.openEuler-22.03-LTS-Next(249):否 6.openEuler-22.03-LTS-SP1(249):否 7.openEuler-22.03-LTS-SP2(249):否 8.openEuler-22.03-LTS-SP3(249):否 9.openEuler-24.03-LTS:否 10.openEuler-24.03-LTS-Next:否 三、漏洞修复 安全公告链接:https://www.openeuler.org/zh/security/safety-bulletin/detail/?id=openEuler-SA-2024-1489
一、漏洞信息 漏洞编号:[CVE-2023-50387](https://nvd.nist.gov/vuln/detail/CVE-2023-50387) 漏洞归属组件:[systemd](https://gitee.com/src-openeuler/systemd) 漏洞归属的版本:243,246,248,249,253 CVSS V3.0分值: BaseScore:7.5 High Vector:CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 漏洞简述: Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the KeyTrap issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records. 漏洞公开时间:2024-02-15 00:15:45 漏洞创建时间:2024-04-09 16:21:17 漏洞详情参考链接: https://nvd.nist.gov/vuln/detail/CVE-2023-50387 <details> <summary>更多参考(点击展开)</summary> | 参考来源 | 参考链接 | 来源链接 | | ------- | -------- | -------- | | cve.mitre.org | http://www.openwall.com/lists/oss-security/2024/02/16/2 | | | cve.mitre.org | http://www.openwall.com/lists/oss-security/2024/02/16/3 | | | cve.mitre.org | https://access.redhat.com/security/cve/CVE-2023-50387 | | | cve.mitre.org | https://bugzilla.suse.com/show_bug.cgi?id=1219823 | | | cve.mitre.org | https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html | | | cve.mitre.org | https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1 | | | cve.mitre.org | https://kb.isc.org/docs/cve-2023-50387 | | | cve.mitre.org | https://lists.debian.org/debian-lts-announce/2024/02/msg00006.html | | | cve.mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FV5O347JTX7P5OZA6NGO4MKTXRXMKOZ/ | | | cve.mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/ | | | cve.mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/ | | | cve.mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGSLGKUAQTW5JPPZCMF5YPEYALLRUZZ6/ | | | cve.mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/ | | | cve.mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/ | | | cve.mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVYA42BLXUCIDLD35YIJPJSHDIADNYMP/ | | | cve.mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEXGOYGW7DBS3N2QSSQONZ4ENIRQEAPG/ | | | cve.mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQESRWMJCF4JEYJEAKLRM6CT55GLJAB7/ | | | cve.mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/ | | | cve.mitre.org | https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html | | | cve.mitre.org | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-50387 | | | cve.mitre.org | https://news.ycombinator.com/item?id=39367411 | | | cve.mitre.org | https://news.ycombinator.com/item?id=39372384 | | | cve.mitre.org | https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/ | | | cve.mitre.org | https://security.netapp.com/advisory/ntap-20240307-0007/ | | | cve.mitre.org | https://www.athene-center.de/aktuelles/key-trap | | | cve.mitre.org | https://www.athene-center.de/fileadmin/content/PDF/Technical_Report_KeyTrap.pdf | | | cve.mitre.org | https://www.isc.org/blogs/2024-bind-security-release/ | | | cve.mitre.org | https://www.securityweek.com/keytrap-dns-attack-could-disable-large-parts-of-internet-researchers/ | | | cve.mitre.org | https://www.theregister.com/2024/02/13/dnssec_vulnerability_internet/ | | | redhat_bugzilla | https://fosstodon.org/@tychotithonus@infosec.exchange/111924626751024210 | https://bugzilla.redhat.com/show_bug.cgi?id=2263914 | | redhat_bugzilla | https://github.com/NLnetLabs/unbound/releases/tag/release-1.19.1 | https://bugzilla.redhat.com/show_bug.cgi?id=2263914 | | redhat_bugzilla | https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html | https://bugzilla.redhat.com/show_bug.cgi?id=2263914 | | redhat_bugzilla | https://kb.isc.org/docs/cve-2023-50387 | https://bugzilla.redhat.com/show_bug.cgi?id=2263914 | | redhat_bugzilla | https://www.athene-center.de/en/news/press/key-trap | https://bugzilla.redhat.com/show_bug.cgi?id=2263914 | | redhat_bugzilla | https://www.knot-resolver.cz/2024-02-13-knot-resolver-5.7.1.html | https://bugzilla.redhat.com/show_bug.cgi?id=2263914 | | redhat_bugzilla | https://labs.ripe.net/author/haya-shulman/keytrap-algorithmic-complexity-attacks-exploit-fundamental-design-flaw-in-dnssec/ | https://bugzilla.redhat.com/show_bug.cgi?id=2263914 | | redhat_bugzilla | https://lists.dns-oarc.net/pipermail/dns-operations/2024-February/022436.html | https://bugzilla.redhat.com/show_bug.cgi?id=2263914 | | redhat_bugzilla | https://www.isc.org/blogs/2024-bind-security-release/ | https://bugzilla.redhat.com/show_bug.cgi?id=2263914 | | redhat_bugzilla | https://access.redhat.com/errata/RHSA-2024:0965 | https://bugzilla.redhat.com/show_bug.cgi?id=2263914 | | redhat_bugzilla | https://access.redhat.com/errata/RHSA-2024:0977 | https://bugzilla.redhat.com/show_bug.cgi?id=2263914 | | redhat_bugzilla | https://access.redhat.com/errata/RHSA-2024:0981 | https://bugzilla.redhat.com/show_bug.cgi?id=2263914 | | redhat_bugzilla | https://access.redhat.com/errata/RHSA-2024:0982 | https://bugzilla.redhat.com/show_bug.cgi?id=2263914 | | redhat_bugzilla | https://access.redhat.com/errata/RHSA-2024:1334 | https://bugzilla.redhat.com/show_bug.cgi?id=2263914 | | redhat_bugzilla | https://access.redhat.com/errata/RHSA-2024:1335 | https://bugzilla.redhat.com/show_bug.cgi?id=2263914 | | redhat_bugzilla | https://access.redhat.com/errata/RHSA-2024:1522 | https://bugzilla.redhat.com/show_bug.cgi?id=2263914 | | redhat_bugzilla | https://access.redhat.com/errata/RHSA-2024:1543 | https://bugzilla.redhat.com/show_bug.cgi?id=2263914 | | redhat_bugzilla | https://access.redhat.com/errata/RHSA-2024:1544 | https://bugzilla.redhat.com/show_bug.cgi?id=2263914 | | redhat_bugzilla | https://access.redhat.com/errata/RHSA-2024:1545 | https://bugzilla.redhat.com/show_bug.cgi?id=2263914 | | redhat_bugzilla | https://access.redhat.com/errata/RHSA-2024:1647 | https://bugzilla.redhat.com/show_bug.cgi?id=2263914 | | redhat_bugzilla | https://access.redhat.com/errata/RHSA-2024:1648 | https://bugzilla.redhat.com/show_bug.cgi?id=2263914 | | redhat_bugzilla | https://access.redhat.com/errata/RHSA-2024:1781 | https://bugzilla.redhat.com/show_bug.cgi?id=2263914 | | redhat_bugzilla | https://access.redhat.com/errata/RHSA-2024:1782 | https://bugzilla.redhat.com/show_bug.cgi?id=2263914 | | redhat_bugzilla | https://access.redhat.com/errata/RHSA-2024:1789 | https://bugzilla.redhat.com/show_bug.cgi?id=2263914 | | redhat_bugzilla | https://access.redhat.com/errata/RHSA-2024:1801 | https://bugzilla.redhat.com/show_bug.cgi?id=2263914 | | redhat_bugzilla | https://access.redhat.com/errata/RHSA-2024:1800 | https://bugzilla.redhat.com/show_bug.cgi?id=2263914 | | redhat_bugzilla | https://access.redhat.com/errata/RHSA-2024:1804 | https://bugzilla.redhat.com/show_bug.cgi?id=2263914 | | redhat_bugzilla | https://access.redhat.com/errata/RHSA-2024:1803 | https://bugzilla.redhat.com/show_bug.cgi?id=2263914 | | ubuntu | https://kb.isc.org/docs/cve-2023-50387 | https://ubuntu.com/security/CVE-2023-50387 | | ubuntu | https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html | https://ubuntu.com/security/CVE-2023-50387 | | ubuntu | https://www.knot-resolver.cz/2024-02-13-knot-resolver-5.7.1.html | https://ubuntu.com/security/CVE-2023-50387 | | ubuntu | https://blog.powerdns.com/2024/02/13/powerdns-recursor-4-8-6-4-9-3-5-0-2-released | https://ubuntu.com/security/CVE-2023-50387 | | ubuntu | https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/ | https://ubuntu.com/security/CVE-2023-50387 | | ubuntu | https://nlnetlabs.nl/downloads/unbound/CVE-2023-50387_CVE-2023-50868.txt | https://ubuntu.com/security/CVE-2023-50387 | | ubuntu | https://ubuntu.com/security/notices/USN-6633-1 | https://ubuntu.com/security/CVE-2023-50387 | | ubuntu | https://ubuntu.com/security/notices/USN-6642-1 | https://ubuntu.com/security/CVE-2023-50387 | | ubuntu | https://ubuntu.com/security/notices/USN-6657-1 | https://ubuntu.com/security/CVE-2023-50387 | | ubuntu | https://ubuntu.com/security/notices/USN-6665-1 | https://ubuntu.com/security/CVE-2023-50387 | | ubuntu | https://ubuntu.com/security/notices/USN-6723-1 | https://ubuntu.com/security/CVE-2023-50387 | | ubuntu | https://www.cve.org/CVERecord?id=CVE-2023-50387 | https://ubuntu.com/security/CVE-2023-50387 | | ubuntu | https://ubuntu.com/security/notices/USN-6657-2 | https://ubuntu.com/security/CVE-2023-50387 | | ubuntu | https://nvd.nist.gov/vuln/detail/CVE-2023-50387 | https://ubuntu.com/security/CVE-2023-50387 | | ubuntu | https://launchpad.net/bugs/cve/CVE-2023-50387 | https://ubuntu.com/security/CVE-2023-50387 | | ubuntu | https://security-tracker.debian.org/tracker/CVE-2023-50387 | https://ubuntu.com/security/CVE-2023-50387 | | debian | | https://security-tracker.debian.org/tracker/CVE-2023-50387 | | bind | | https://kb.isc.org/v1/docs/cve-2023-50387 | | anolis | | https://anas.openanolis.cn/cves/detail/CVE-2023-50387 | | cve_search | | https://www.athene-center.de/aktuelles/key-trap | | cve_search | | https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/ | | cve_search | | https://kb.isc.org/docs/cve-2023-50387 | | cve_search | | https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html | | cve_search | | https://www.theregister.com/2024/02/13/dnssec_vulnerability_internet/ | | cve_search | | https://news.ycombinator.com/item?id=39367411 | | cve_search | | https://www.securityweek.com/keytrap-dns-attack-could-disable-large-parts-of-internet-researchers/ | | cve_search | | https://www.isc.org/blogs/2024-bind-security-release/ | | cve_search | | https://news.ycombinator.com/item?id=39372384 | | cve_search | | https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1 | | cve_search | | https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html | | cve_search | | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-50387 | | cve_search | | https://access.redhat.com/security/cve/CVE-2023-50387 | | cve_search | | https://bugzilla.suse.com/show_bug.cgi?id=1219823 | | cve_search | | https://www.athene-center.de/fileadmin/content/PDF/Technical_Report_KeyTrap.pdf | | cve_search | | http://www.openwall.com/lists/oss-security/2024/02/16/2 | | cve_search | | http://www.openwall.com/lists/oss-security/2024/02/16/3 | | cve_search | | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVYA42BLXUCIDLD35YIJPJSHDIADNYMP/ | | cve_search | | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/ | | cve_search | | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/ | | cve_search | | https://lists.debian.org/debian-lts-announce/2024/02/msg00006.html | | cve_search | | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEXGOYGW7DBS3N2QSSQONZ4ENIRQEAPG/ | | cve_search | | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQESRWMJCF4JEYJEAKLRM6CT55GLJAB7/ | | cve_search | | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/ | </details> 漏洞分析指导链接: https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md 漏洞数据来源: openBrain开源漏洞感知系统 漏洞补丁信息: <details> <summary>详情(点击展开)</summary> | 影响的包 | 修复版本 | 修复补丁 | 问题引入补丁 | 来源 | | ------- | -------- | ------- | -------- | --------- | | | | https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=3ae7f1ab0d847b17fdc95fd0e5b3120f66dc3af9 | | snyk | | | | http://www.openwall.com/lists/oss-security/2024/02/16/2 | | nvd | | | | http://www.openwall.com/lists/oss-security/2024/02/16/3 | | nvd | | | | https://access.redhat.com/security/cve/CVE-2023-50387 | | nvd | | | | https://bugzilla.suse.com/show_bug.cgi?id=1219823 | | nvd | | | | https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html | | nvd | | | | https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1 | | nvd | | | | https://kb.isc.org/docs/cve-2023-50387 | | nvd | | | | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/ | | nvd | | | | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/ | | nvd | | | | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVYA42BLXUCIDLD35YIJPJSHDIADNYMP/ | | nvd | | | | https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html | | nvd | | | | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-50387 | | nvd | | | | https://news.ycombinator.com/item?id=39367411 | | nvd | | | | https://news.ycombinator.com/item?id=39372384 | | nvd | | | | https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/ | | nvd | | | | https://www.athene-center.de/aktuelles/key-trap | | nvd | | | | https://www.athene-center.de/fileadmin/content/PDF/Technical_Report_KeyTrap.pdf | | nvd | | | | https://www.isc.org/blogs/2024-bind-security-release/ | | nvd | | | | https://www.securityweek.com/keytrap-dns-attack-could-disable-large-parts-of-internet-researchers/ | | nvd | | | | https://www.theregister.com/2024/02/13/dnssec_vulnerability_internet/ | | nvd | | bind9 | | https://gitlab.isc.org/isc-projects/bind9/-/commit/c12608ca934c0433d280e65fe6c631013e200cfe | | ubuntu | | bind9 | | https://gitlab.isc.org/isc-projects/bind9/-/commit/751b7cc4750ede6d8c5232751d60aad8ad84aa67 | | ubuntu | | bind9 | | https://gitlab.isc.org/isc-projects/bind9/-/commit/6a65a425283d70da86bf732449acd6d7c8dec718 | | ubuntu | | bind9 | | https://gitlab.isc.org/isc-projects/bind9/-/commit/3d206e918b3efbc20074629ad9d99095fbd2e5fd | | ubuntu | | bind9 | | https://gitlab.isc.org/isc-projects/bind9/-/commit/a520fbc0470a0d6b72db6aa0b8deda8798551614 | | ubuntu | | | | https://github.com/NLnetLabs/unbound/commit/882903f2fa800c4cb6f5e225b728e2887bb7b9ae | | debian | | | | https://www.nlnetlabs.nl/downloads/unbound/patch_CVE-2023-50387_CVE-2023-50868.diff | | unbound | | bind9 | | https://gitlab.isc.org/isc-projects/bind9/-/commit/c12608ca934c0433d280e65fe6c631013e200cfe%20(v9.16.48) | | ubuntu | | bind9 | | https://gitlab.isc.org/isc-projects/bind9/-/commit/751b7cc4750ede6d8c5232751d60aad8ad84aa67%20(v9.16.48) | | ubuntu | | bind9 | | https://gitlab.isc.org/isc-projects/bind9/-/commit/6a65a425283d70da86bf732449acd6d7c8dec718%20(v9.16.48) | | ubuntu | | bind9 | | https://gitlab.isc.org/isc-projects/bind9/-/commit/3d206e918b3efbc20074629ad9d99095fbd2e5fd%20(v9.16.48) | | ubuntu | | bind9 | | https://gitlab.isc.org/isc-projects/bind9/-/commit/a520fbc0470a0d6b72db6aa0b8deda8798551614%20(v9.16.48) | | ubuntu | </details> 二、漏洞分析结构反馈 影响性分析说明: DNS 协议的某些 DNSSEC 方面(在 RFC 4033、4034、4035、6840 和相关 RFC 中)允许远程攻击者通过一个或多个 DNSSEC 响应造成拒绝服务。 openEuler评分: 7.5 Vector:CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 受影响版本排查(受影响/不受影响): 1.master(253):受影响 2.openEuler-20.03-LTS-SP1(243):受影响 3.openEuler-20.03-LTS-SP4(243):受影响 4.openEuler-22.03-LTS(249):受影响 5.openEuler-22.03-LTS-Next(249):受影响 6.openEuler-22.03-LTS-SP1(249):受影响 7.openEuler-22.03-LTS-SP2(249):受影响 8.openEuler-22.03-LTS-SP3(249):受影响 9.openEuler-24.03-LTS:受影响 10.openEuler-24.03-LTS-Next:受影响 修复是否涉及abi变化(是/否): 1.master(253):否 2.openEuler-20.03-LTS-SP1(243):否 3.openEuler-20.03-LTS-SP4(243):否 4.openEuler-22.03-LTS(249):否 5.openEuler-22.03-LTS-Next(249):否 6.openEuler-22.03-LTS-SP1(249):否 7.openEuler-22.03-LTS-SP2(249):否 8.openEuler-22.03-LTS-SP3(249):否 9.openEuler-24.03-LTS:否 10.openEuler-24.03-LTS-Next:否 三、漏洞修复 安全公告链接:https://www.openeuler.org/zh/security/safety-bulletin/detail/?id=openEuler-SA-2024-1489
Comments (
15
)
Sign in
to comment
Status
Done
Backlog
已挂起
Doing
Done
Declined
Assignees
Not set
wangyuhang
wangyuhang27
Assignee
Collaborator
+Assign
+Mention
Labels
CVE/FIXED
sig/Base-service
Not set
Projects
Unprojected
Unprojected
Milestones
No related milestones
No related milestones
Pull Requests
None yet
None yet
Successfully merging a pull request will close this issue.
Branches
No related branch
Branches (
-
)
Tags (
-
)
Planed to start - Planed to end
-
Top level
Not Top
Top Level: High
Top Level: Medium
Top Level: Low
Priority
Not specified
Serious
Main
Secondary
Unimportant
Duration
(hours)
参与者(2)
1
https://gitee.com/src-openeuler/systemd.git
git@gitee.com:src-openeuler/systemd.git
src-openeuler
systemd
systemd
Going to Help Center
Search
Git 命令在线学习
如何在 Gitee 导入 GitHub 仓库
Git 仓库基础操作
企业版和社区版功能对比
SSH 公钥设置
如何处理代码冲突
仓库体积过大,如何减小?
如何找回被删除的仓库数据
Gitee 产品配额说明
GitHub仓库快速导入Gitee及同步更新
什么是 Release(发行版)
将 PHP 项目自动发布到 packagist.org
Comment
Repository Report
Back to the top
Login prompt
This operation requires login to the code cloud account. Please log in before operating.
Go to login
No account. Register
